Add support for building p256-m alongside Mbed TLS with CMake.
Also check if p256-m is enabled in the config before including the contents of p256-m.c
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index e81ff51..67db68d 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -1,5 +1,10 @@
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result)
-if(${result} EQUAL 0)
+if(${everest_result} EQUAL 0)
add_subdirectory(everest)
endif()
+
+if(${p256m_result} EQUAL 0)
+ add_subdirectory(p256-m)
+endif()
diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc
index ea100f4..80dc126 100644
--- a/3rdparty/Makefile.inc
+++ b/3rdparty/Makefile.inc
@@ -1,3 +1,3 @@
-THIRDPARTY_DIR = $(dir $(lastword $(MAKEFILE_LIST)))
+THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST)))
include $(THIRDPARTY_DIR)/everest/Makefile.inc
-include ../3rdparty/p256-m/Makefile.inc
+include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt
new file mode 100644
index 0000000..64d0d0f
--- /dev/null
+++ b/3rdparty/p256-m/CMakeLists.txt
@@ -0,0 +1,25 @@
+add_library(p256m
+ p256-m_driver_entrypoints.c
+ p256-m/p256-m.c)
+
+target_include_directories(p256m
+ PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<INSTALL_INTERFACE:include>
+ PRIVATE ${MBEDTLS_DIR}/library/)
+
+if(INSTALL_MBEDTLS_HEADERS)
+
+ install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+ DESTINATION include
+ FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+ DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+ FILES_MATCHING PATTERN "*.h")
+
+endif(INSTALL_MBEDTLS_HEADERS)
+
+install(TARGETS p256m
+EXPORT MbedTLSTargets
+DESTINATION ${CMAKE_INSTALL_LIBDIR}
+PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
\ No newline at end of file
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
index 0360ea2..abb9ab4 100644
--- a/3rdparty/p256-m/p256-m/p256-m.c
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -11,6 +11,8 @@
#include <stdlib.h>
#include <string.h>
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+
/*
* Zeroize memory - this should not be optimized away
*/
@@ -1464,3 +1466,5 @@
return P256_INVALID_SIGNATURE;
}
+
+#endif
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c
index 4324858..8df640c 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.c
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c
@@ -23,6 +23,7 @@
#include "p256-m/p256-m.h"
#include "psa/crypto.h"
#include "psa_crypto_driver_wrappers.h"
+#include <stddef.h>
#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
@@ -66,11 +67,7 @@
* keys. Allocate a buffer to which the public key will be written. The
* private key will be written to key_buffer, which is passed to this
* function as an argument. */
- uint8_t *public_key_buffer = NULL;
- public_key_buffer = mbedtls_calloc(1, 64);
- if (public_key_buffer == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
+ uint8_t public_key_buffer[64];
status = p256_to_psa_error(
p256_gen_keypair(key_buffer, public_key_buffer));
@@ -78,12 +75,6 @@
*key_buffer_length = 32;
}
- /*
- * The storage format for a SECP256R1 keypair is just the private key, so
- * the public key does not need to be passed back to the caller. Therefore
- * the buffer containing it can be freed. */
- free(public_key_buffer);
-
return status;
}
@@ -190,18 +181,14 @@
(void) alg;
psa_status_t status;
- uint8_t *public_key_buffer = NULL;
+ uint8_t public_key_buffer[65];
size_t public_key_buffer_size = 65;
- public_key_buffer = mbedtls_calloc(1, public_key_buffer_size);
- if (public_key_buffer == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
- size_t *public_key_length = NULL;
- public_key_length = mbedtls_calloc(1, sizeof(size_t));
- if (public_key_length == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
- *public_key_length = 65;
+
+ size_t public_key_length = 65;
+ /* As p256-m doesn't require dynamic allocation, we want to avoid it in
+ * the entrypoint functions as well. psa_driver_wrapper_export_public_key()
+ * requires size_t*, so we use a pointer to a stack variable. */
+ size_t *public_key_length_ptr = &public_key_length;
/* The contents of key_buffer may either be the 32 byte private key
* (keypair representation), or the 65 byte public key. To ensure the
@@ -212,7 +199,7 @@
key_buffer_size,
public_key_buffer,
public_key_buffer_size,
- public_key_length);
+ public_key_length_ptr);
if (status != PSA_SUCCESS) {
goto exit;
}
@@ -226,8 +213,6 @@
signature_length);
exit:
- free(public_key_buffer);
- free(public_key_length);
return status;
}